Twitter Warns People to Steer Clear of Acai Berries

13th Dec 10:16

A new Twitter attack advertising acai berries has hijacked thousands of Twitter accounts and turned them into spammers.

The attack is spreading at a rapid pace — within a minute, more than 10,000 tweets related to the attack have popped up on the microblogging service. These tweets link to domains containing "acainews." We recommend that you don't click these links.

It's unclear at the moment how this particular attack operates, but it seems possible that just clicking the "acainews" link is enough to compromise your account (Update: see below). It's also possible that affected accounts may have previously been compromised by a third-party service. Regardless, this is one of the fastest-spreading attacks we've ever seen in our years tracking Twitter security and worms.

If your account has already been compromised, immediately change your Twitter password and check to see if your account is linked to any unknown third-party accounts. We have contacted Twitter for more information.

According to TweetStats/TweepSearch/RowFeeder creator Damon Cortesi, it seems likely that the spam is coming from already-compromised accounts, rather than malicious code from the "acainews" links.

"I poked into the acai tweets a little bit. Definitely a lot more of my friends getting hit than normal, but looking at where the acainews(1-8) sites redirect to, I see no malicious code. I've even visited them while logged in to Twitter (on a dummy account) and had no adverse effect. I noticed similar spam going around a couple days ago with the Twitter Search link I sent you. All tweets coming from 'web,' destination page with no obviously malicious code."

We still strongly advise not clicking any links with "acainews" in the URL.

In another update, Twitter's Del Harvey said the attack is likely related to a recent attack against Gawker that compromised 1.3 million commenter accounts. We've also found similarities between the compromised Gawker database and the compromised Twitter accounts. The recommended course of action is to change your Twitter password.